Andy Greenberg of Forbes reports that the Safehouse site launched by The Wall Street Journal on Thursday for sources to provide documents and information has problems that would allow for those sources to be identified.
Greenberg writes, “But within hours, the security community was pointing to flaws in the site’s protections for anonymous leakers and the fine print of its policy for source protections that could give away the identities of would-be whistleblowers.
“‘Pro tip: if you’re going to create a document leaking website – have a clue!’ wrote security research Jacob Appelbaum in his Twitter feed.
“Appelbaum, a developer for the Tor anonymity network and a past volunteer for WikiLeaks, says that SafeHouse insecurely implements Secure Socket Layer (SSL) encryption, the protection meant to render any data passed between a user and a website unreadable. When a visitor goes to http://wsjsafehouse.com, for instance, that unencrypted site offers a link to the encrypted HTTPS version of the site. But Appelbaum points out that it doesn’t use a mechanism called Strict Transport Security to switch from the insecure to the encrypted connection. So any lurking man-in-the-middle on the user’s network can use a tool like SSL Strip to make it appear that he or she has entered the encrypted version of the site when in fact the traffic is unprotected.”
Read more here.
Wall Street Journal reporter Hannah Miao is moving to Singapore to cover the China economy.…
Financial Times reporter Simon Foy is now covering European banks. He has been covering accounting for the…
Debtwire, the leading provider of global fixed income news, analysis and data for more than…
Amber Kanwar, an anchor for BNN Bloomberg in Canada, is departing at the end of…
Moody's Ratings has promoted Yvette Kantrow to senior vice president and editor in chief. She has been…
Politico reporter Clare Fieseler is leaving the news organization to take on some ocean reporting projects. She…